U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 180 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-45888

An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2022-45887

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2022-45886

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-45885

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-45884

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Published: November 22, 2022; 7:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.

Published: October 29, 2022; 4:15:09 PM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Published: September 23, 2022; 10:15:12 AM -0400
V3.1: 3.7 LOW
V2.0:(not available)
CVE-2022-2964

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.

Published: September 09, 2022; 11:15:10 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-2526

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Published: September 09, 2022; 11:15:10 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-39046

An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.

Published: August 31, 2022; 2:15:07 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Published: August 24, 2022; 12:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2021-3998

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

Published: August 24, 2022; 12:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-2938

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

Published: August 23, 2022; 4:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Published: August 05, 2022; 3:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-36123

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.

Published: July 29, 2022; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

Published: July 27, 2022; 12:15:10 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.

Published: July 26, 2022; 1:15:08 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.

Published: July 20, 2022; 4:15:08 PM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-32208

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

Published: July 07, 2022; 9:15:08 AM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM